
Re: comments on draft-ietf-ipsec-pki-req-01.txt - alternate names



It's an IP _Security_ gateway.  It's in the protection business.  If it finds something funny about anything (like the wrong cert coming from the wrong place) it should do something.  It's supposed to be protecting against, for example, IP address spoofing or use of a stolen router.

At 03:58 PM 9/10/98 +0300, you wrote:
>At 08:11 10/09/98 -0400, you wrote:
>
>>So a random packet from an illegitimate address identified with 
>>a certificate from example.com (a defined-to-be-invalid domain) is fine?
>
>Do you trust the CA that signed the certificate? Is the certificate
>still valid?
>If you answer both questions with "yes", it is fine.
>
>>So the actual identity and the sanity of that identity are irrelevant?
>
>You don't check the "sanity of that identity". The CA should do.
>You just check the sanity of the CA.
>
>Jörn Sierwald
> 


